The use of contact centers continues to grow for operations and sales support, generating over $300 billion in revenue each year according to JLL Research. Given the sustained usage of contact centers, and the large amounts of sensitive data circulating through them, security – including insider threats – is a major concern for organizations leveraging contact centers.

Traditionally, protecting data in the contact center consisted of user training, awareness and monitoring, together with deploying compensating control technologies that manage access to data. The study found that 60 percent of organizations are still leveraging outdated pause-and-resume technologies to avoid storing sensitive data on call recordings. This requires users to be paused while collecting payment information, disrupting the flow of business and causing issues from an audit trail and complaint resolution perspective.

A key recommendation for businesses is to eliminate data breaches at the contact center level by preventing payment data from entering the environment. This means businesses must replace pause-and-resume systems with modern Dual Tone Multi Frequency (DTMF) masking technology. By doing so, organizations are able to de-scope contact center payment processing from PCI DSS requirements, allowing payment card information to be entered into the application without computer and/or agent access to the data. This helps to reduce fraud loss by eliminating sensitive card data from the conversation – ensuring that, in the event of a breach, data will not be compromised.

“Contact centers must focus mainly on six of the twelve requirements of PCI DSS when in-scope. There is also the need to validate the PCI requirements of the supporting IT security and operational systems. Not only is this a lot of effort, when compared to other industries, contact centers are notorious for high employee turnover rates, resulting in more opportunities for sensitive data to be mismanaged by insiders,” said James Barham, CEO, PCI Pal. “With 72 percent of contact centers accepting card payments over the phone, organizations must strike a balance between providing positive customer experiences by streamlining processes and ensuring compliance standards are met.”

For background, in 2017, Verizon Professional Services Security Assurance practice and PCI Pal established a business relationship – a collaborative partnership on payment card industry (PCI) opportunities through the joint publication of white papers, public speaking engagements and other joint marketing and sales initiatives.